Support credential helpers in container_pull (#2034)
linzhp authored Apr 19, 2022
1 parent 8cf7db7 commit 6ea707b
Showing 4 changed files with 30 additions and 4 deletions.
15 changes: 15 additions & 0 deletions container/pull.bzl
Expand Up @@ -64,6 +64,13 @@ _container_pull_attrs = {
""",
mandatory = False,
),
"cred_helpers": attr.label_list(
doc = """Labels to a list of credential helper binaries that are configured in `docker_client_config`.
More about credential helpers: https://docs.docker.com/engine/reference/commandline/login/#credential-helpers
""",
mandatory = False,
),
"import_tags": attr.string_list(
default = [],
doc = "Tags to be propagated to generated rules.",
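
Review bot: The `doc` string for `cred_helpers` says the binaries are "configured in `docker_client_config`" but not how the pull command finds them. From the `_impl` change in this file, the directory of each label is put on `PATH`, so the lookup is by file name; the doc should say that, and that each binary's file name has to be the one the client config refers to. "Labels to a list of credential helper binaries" would also read better as "Labels of the credential helper binaries".
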
Expand Down Expand Up @@ -220,6 +227,14 @@ def _impl(repository_ctx):
args.extend(["-timeout", str(repository_ctx.attr.timeout)])
kwargs["timeout"] = repository_ctx.attr.timeout

if repository_ctx.attr.cred_helpers:
kwargs["environment"] = {
"PATH": "{}:{}".format(
":".join([str(repository_ctx.path(helper).dirname) for helper in repository_ctx.attr.cred_helpers]),
repository_ctx.os.environ.get("PATH"),
),
}

result = repository_ctx.execute(args, **kwargs)
if result.return_code:
fail("Pull command failed: %s (%s)" % (result.stderr, " ".join([str(a) for a in args])))
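
Review bot: `repository_ctx.os.environ.get("PATH")` returns `None` when `PATH` is not set, and `"{}:{}".format(...)` then produces a search path that ends in the literal entry `None`. Use `.get("PATH", "")` and join only the non-empty parts, since an empty `PATH` entry is read as the current directory. Separately, `repository_ctx.path(helper).dirname` puts the whole directory of each helper ahead of the host `PATH` for the pull command, so any other executable in that directory takes precedence over the host's; the attribute doc should say that a helper belongs in a directory of its own, and a short comment here on why `PATH` is rebuilt would help.
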
9 changes: 5 additions & 4 deletions docs/container.md
Expand Up @@ -160,10 +160,10 @@ The created target can be referenced as `@label_name//image`.
## container_pull

<pre>
container_pull(<a href="#container_pull-name">name</a>, <a href="#container_pull-architecture">architecture</a>, <a href="#container_pull-cpu_variant">cpu_variant</a>, <a href="#container_pull-digest">digest</a>, <a href="#container_pull-docker_client_config">docker_client_config</a>, <a href="#container_pull-import_tags">import_tags</a>, <a href="#container_pull-os">os</a>,
<a href="#container_pull-os_features">os_features</a>, <a href="#container_pull-os_version">os_version</a>, <a href="#container_pull-platform_features">platform_features</a>, <a href="#container_pull-puller_darwin">puller_darwin</a>, <a href="#container_pull-puller_linux_amd64">puller_linux_amd64</a>,
<a href="#container_pull-puller_linux_arm64">puller_linux_arm64</a>, <a href="#container_pull-puller_linux_s390x">puller_linux_s390x</a>, <a href="#container_pull-registry">registry</a>, <a href="#container_pull-repo_mapping">repo_mapping</a>, <a href="#container_pull-repository">repository</a>, <a href="#container_pull-tag">tag</a>,
<a href="#container_pull-timeout">timeout</a>)
container_pull(<a href="#container_pull-name">name</a>, <a href="#container_pull-architecture">architecture</a>, <a href="#container_pull-cpu_variant">cpu_variant</a>, <a href="#container_pull-cred_helpers">cred_helpers</a>, <a href="#container_pull-digest">digest</a>, <a href="#container_pull-docker_client_config">docker_client_config</a>,
<a href="#container_pull-import_tags">import_tags</a>, <a href="#container_pull-os">os</a>, <a href="#container_pull-os_features">os_features</a>, <a href="#container_pull-os_version">os_version</a>, <a href="#container_pull-platform_features">platform_features</a>, <a href="#container_pull-puller_darwin">puller_darwin</a>,
<a href="#container_pull-puller_linux_amd64">puller_linux_amd64</a>, <a href="#container_pull-puller_linux_arm64">puller_linux_arm64</a>, <a href="#container_pull-puller_linux_s390x">puller_linux_s390x</a>, <a href="#container_pull-registry">registry</a>, <a href="#container_pull-repo_mapping">repo_mapping</a>,
<a href="#container_pull-repository">repository</a>, <a href="#container_pull-tag">tag</a>, <a href="#container_pull-timeout">timeout</a>)
</pre>

A repository rule that pulls down a Docker base image in a manner suitable for use with the `base` attribute of `container_image`.
Expand Down Expand Up @@ -196,6 +196,7 @@ please use the bazel startup flag `--loading_phase_threads=1` in your bazel invo
| <a id="container_pull-name"></a>name | A unique name for this repository. | <a href="https://bazel.build/docs/build-ref.html#name">Name</a> | required | |
| <a id="container_pull-architecture"></a>architecture | Which CPU architecture to pull if this image refers to a multi-platform manifest list, default 'amd64'. | String | optional | "amd64" |
| <a id="container_pull-cpu_variant"></a>cpu_variant | Which CPU variant to pull if this image refers to a multi-platform manifest list. | String | optional | "" |
| <a id="container_pull-cred_helpers"></a>cred_helpers | Labels to a list of credential helper binaries that are configured in <code>docker_client_config</code>.<br><br> More about credential helpers: https://docs.docker.com/engine/reference/commandline/login/#credential-helpers | <a href="https://bazel.build/docs/build-ref.html#labels">List of labels</a> | optional | [] |
| <a id="container_pull-digest"></a>digest | The digest of the image to pull. | String | optional | "" |
| <a id="container_pull-docker_client_config"></a>docker_client_config | Specifies a Bazel label of the config.json file.<br><br> Don't use this directly. Instead, specify the docker configuration directory using a custom docker toolchain configuration. Look for the <code>client_config</code> attribute in <code>docker_toolchain_configure</code> [here](https://github.com/bazelbuild/rules_docker#setup) for details. See [here](https://github.com/bazelbuild/rules_docker#container_pull-custom-client-configuration) for an example on how to use container_pull after configuring the docker toolchain<br><br> When left unspecified (ie not set explicitly or set by the docker toolchain), docker will use the directory specified via the <code>DOCKER_CONFIG</code> environment variable.<br><br> If <code>DOCKER_CONFIG</code> isn't set, docker falls back to <code>$HOME/.docker</code>. | <a href="https://bazel.build/docs/build-ref.html#labels">Label</a> | optional | None |
| <a id="container_pull-import_tags"></a>import_tags | Tags to be propagated to generated rules. | List of strings | optional | [] |
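
Review bot: The new `cred_helpers` row does not say where the attribute should be set. The `docker_client_config` row says "Don't use this directly" and points to `docker_toolchain_configure`, and `toolchains/docker/pull.bzl.tpl` in this commit passes `cred_helpers` from the toolchain in the same way, so this row should carry the same guidance. The wording matches the `doc` string in `container/pull.bzl`, so that is the place to change it.
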
1 change: 1 addition & 0 deletions toolchains/docker/pull.bzl.tpl
Expand Up @@ -7,5 +7,6 @@ def container_pull(**kwargs):
fail("docker_client_config attribute should not be set on the container_pull created by the custom docker toolchain configuration")
_container_pull(
docker_client_config="%{docker_client_config}",
cred_helpers=%{cred_helpers},
**kwargs
)
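
Review bot: `cred_helpers=%{cred_helpers},` is passed next to `**kwargs` with no guard, so a caller who also passes `cred_helpers` to this wrapper gets a duplicate keyword argument error rather than a message like the `fail(...)` for `docker_client_config` above. Add the same check for `cred_helpers`, or decide that a per-call value overrides the toolchain's and take it out of `kwargs` first.
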
9 changes: 9 additions & 0 deletions toolchains/docker/toolchain.bzl
Expand Up @@ -160,6 +160,7 @@ def _toolchain_configure_impl(repository_ctx):
Label("@io_bazel_rules_docker//toolchains/docker:pull.bzl.tpl"),
{
"%{docker_client_config}": str(repository_ctx.attr.client_config),
"%{cred_helpers}": str(repository_ctx.attr.cred_helpers),
},
False,
)
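
Review bot: `str(repository_ctx.attr.cred_helpers)` is substituted into `pull.bzl.tpl` unquoted (`cred_helpers=%{cred_helpers},`), unlike `%{docker_client_config}`, which the template wraps in quotes, so the generated file is valid only because `str()` of a string list is itself a list literal. A one-line comment here saying so would keep a later change of the attribute type from producing a broken `pull.bzl`.
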
Expand Down Expand Up @@ -202,6 +203,14 @@ toolchain_configure = repository_rule(
"docker tool (typically, the home directory) will be " +
"used.",
),
"cred_helpers": attr.string_list(
mandatory = False,
doc = """Labels to a list of credential helpers binaries that are configured in `client_config`.
More about credential helpers: https://docs.docker.com/engine/reference/commandline/login/#credential-helpers
""",
default = [],
),
"docker_flags": attr.string_list(
mandatory = False,
doc = "List of additional flag arguments to the docker command.",
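
Review bot: `cred_helpers` is declared as `attr.string_list` here but as `attr.label_list` in `container/pull.bzl`, so a mistyped label is not caught when `toolchain_configure` runs and only fails later, when the generated `container_pull` is evaluated. The doc should say that the entries are label strings and show the expected form, and "credential helpers binaries" should read "credential helper binaries".
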